Debian DLA-2196-2 : pound regression update
A regression has been found in the patch for CVE-2016-10711 of pound, a reverse proxy, load balancer and HTTPS front-end for Web servers. Without the fix, pound can be tricked into using 100% CPU. For Debian 8 'Jessie', this problem has been fixed in version 2.6-6+deb8u3. We recommend that you upgrade...
[SECURITY] [DLA 2196-1] pound security update
Package: pound. Version: 2.6-6+deb8u2. CVE ID: CVE-2016-10711. A request smuggling vulnerability was discovered in pound, a reverse proxy, load balancer and HTTPS front-end for Web servers, that may allow attackers to send a specially crafted HTTP request to a web...
RHEL 8 : haproxy (RHSA-2020:1725)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1725 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. The following packages...
Zen Load Balancer 3.10.1 - Directory Traversal Exploit
Exploit for cgi platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zen Load Balancer Directory Traversal", 'Description' = %q This module exploits a...
Zen Load Balancer 3.10.1 - Directory Traversal (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zen Load Balancer Directory Traversal", 'Description' = %q This module exploits an authenticated directory traversal vulnerability in Zen Load...
Zen Load Balancer 3.10.1 Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zen Load Balancer Directory Traversal", 'Description' = %q This module exploits an authenticated directory traversal vulnerability in Zen Load...
CVE-2020-11491
creationtimestamp| type| source
---|---|---
2020-04-16 16:13:04+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/zenloadbalancertraversal.rb
2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
EulerOS 2.0 SP3 : nginx (EulerOS-SA-2020-1413)
According to the version of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerability: NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read...
Zen Load Balancer 'index.cgi' Directory Traversal Vulnerability
Zen Load Balancer is a complete load balancing solution that provides high availability for TCP, UDP, advanced HTTP and HTTPS services, and data line communications uplinks. A directory traversal vulnerability exists in Zen Load Balancer 'index.cgi'. An attacker can exploit the vulnerability to...
Zen Load Balancer Directory Traversal
This module exploits an authenticated directory traversal vulnerability in Zen Load Balancer v3.10.1. The flaw exists in 'index.cgi' not properly handling the 'filelog=' parameter, which allows a malicious actor to load an arbitrary file path. This module requires Metasploit: https://metasploit.com/downlo...
Zen Load Balancer 3.10.1 - (index.cgi) Directory Traversal Exploit
Exploit for cgi platform in category web applications Exploit Title: Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal Exploit Author: Basim Alabdullah Software Link: https://sourceforge.net/projects/zenloadbalancer/files/Distro/zenloadbalancer-distro3.10.1.iso/download Version: 3.10.1...
Denial Of Service (DoS)
httpd is vulnerable to denial of service (DoS). It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where...
Denial Of Service (DoS)
httpd is vulnerable to denial of service. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in load balancer mode....
Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal
Exploit Title: Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal Date: 2020-04-10 Exploit Author: Basim Alabdullah Software Link: https://sourceforge.net/projects/zenloadbalancer/files/Distro/zenloadbalancer-distro3.10.1.iso/download Version: 3.10.1 Tested on: Debian8u2 Technical Details...
Zen Load Balancer 3.10.1 Directory Traversal
Exploit Title: Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal Date: 2020-04-10 Exploit Author: Basim Alabdullah Software Link: https://sourceforge.net/projects/zenloadbalancer/files/Distro/zenloadbalancer-distro3.10.1.iso/download Version: 3.10.1 Tested on: Debian8u2 Technical Details...
Zen Load Balancer Path Traversal Vulnerability
ZEVENET Zen Load Balancer is an application delivery controller from ZEVENET Spain. A security vulnerability exists in Monitoring::Logs in ZEVENET Zen Load Balancer version 3.10.1. No details of the vulnerability are provided at this time...
ZEVENET Zen Load Balancer Operating System Command Injection Vulnerability
ZEVENET Zen Load Balancer is an application delivery controller from ZEVENET Spain. A security vulnerability exists in Manage::Certificates in ZEVENET Zen Load Balancer version 3.10.1. An attacker can exploit this vulnerability with the help of parameters such as 'certissuer' with shell...
CVE-2020-11490
Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi certissuer, certdivision, certorganization, certlocality, certstate, certcountry, or certemail parameter...
CVE-2020-11491
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi...